package com.cccccc.config;

import com.cccccc.filter.JwtAuthenticationTokenFilter;
import com.cccccc.service.UserDerailsServiceUmpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * --- 代码敲对！ ---
 *
 * @author CCCccc
 * @create 2025/8/22
 * 备注：
 * SecurityConfig类是Spring Security的配置类，用于配置Spring Security的行为。
 */

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // 开启方法级别的安全注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDerailsServiceUmpl userDerailsServiceUmpl; // 注入自定义的UserDetailsService实现类

    @Autowired
    private AuthenticationEntryPointImpl authenticationEntryPoint; // 注入自定义的AuthenticationEntryPoint实现类

    @Autowired
    private AccessDeniedHandler accessDeniedHandler; // 注入自定义的AccessDeniedHandler实现类

    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter; // 注入自定义的JwtAuthenticationTokenFilter实现类

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean(); // 返回AuthenticationManager实例
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 传入自己的UserDetailService,实现根据数据库进行认证
        // passwordEncoder 指定密码比对方式
        auth.userDetailsService(userDerailsServiceUmpl)
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()// 配置请求的权限
                .antMatchers("/login","/user/quit").permitAll() // 允许所有用户访问登录接口
                .anyRequest().authenticated() // 其他请求都需要认证
        // 允许跨域
        .and().cors();

        http.csrf().disable(); // 禁用CSRF保护

        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint); // 设置自定义的AuthenticationEntryPoint实现类

        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler); // 设置自定义的AccessDeniedHandler实现类

        http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); // 设置会话创建策略为无状态

        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); // 在UsernamePasswordAuthenticationFilter之前添加自定义的JwtAuthenticationTokenFilter实现类
    }
}






















